Tutorial: Configure JumpCloud with Access Server via RADIUS
Configure Access Server to authenticate with your JumpCloud user directory using RADIUS authentication. Follow this guide to set up RADIUS authentication.
Overview
You can configure Access Server to authenticate against JumpCloud via RADIUS. This document outlines the steps to set this up.
This setup expects you to have the following:
A JumpCloud account with admin access and an existing user directory.
Access Server installed with a public IP address.
Start by creating the JumpCloud RADIUS server. JumpCloud hosts the server for you, so you don't need to set up any hardware.
Sign into the JumpCloud admin console.
Click RADIUS under User Authentication.
Click ( + ) to add a new RADIUS server.
Configure the RADIUS server:
Enter a friendly name for the server in Server Name.
Enter your Access Server's IP address in IP Address.
Copy the Shared Secret.
Click the Authentication tab.
Select JUMPCLOUD from the Identity Provider dropdown.
Select Password as the authentication method.
(Optional) Enable MFA.
Click the User Groups tab.
Select the appropriate group(s) of users to grant access.
Click Save.
Important
Ensure you enter your Access Server's public IP address. It won't work with a private IP address.
Now you can configure RADIUS in Access Server using the Admin Web UI.
Sign in to the Admin Web UI.
Click Authentication > RADIUS.
Enable RADIUS authentication.
Enter the JumpCloud RADIUS server details in Hostname or IP Address.
Tip
JumpCloud lists its RADIUS server details in its documentation. Choose the server closest to you.
Enter the shared secret from the JumpCloud RADIUS server in Shared Secret.
Set the Verify Message-Authenticator Attribute to No.
Message-Authenticator not currently supported
At the time of publication, this RADIUS service doesn't return a Message-Authenticator attribute as part of its response.
Select MS-CHAP v2 (recommended) as the RADIUS Authentication Method.
Note
You can also configure RADIUS from your Access Server console using the command-line interface. Refer to Tutorial: Manage the RADIUS Authentication Method from the Command-line Interface.
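To show what the Verify Message-Authenticator Attribute setting controls, the following added example (not Access Server or JumpCloud code) runs the two standard RADIUS reply checks, the MD5 Response Authenticator and the HMAC-MD5 Message-Authenticator, on constructed packets. The secret, authenticator and attribute values are made up for the illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80          # Message-Authenticator attribute type
ACCESS_ACCEPT = 2      # RADIUS packet code
# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))            # Request Authenticator the client sent
REPLY_MSG = bytes([18, 4]) + b"ok"     # Reply-Message attribute (type 18)

def build_reply(code, ident, req_auth, attrs, secret, sign):
    """Build a reply; sign=False models a server that omits Message-Authenticator."""
    if sign:
        attrs = bytes([MSG_AUTH, 18]) + bytes(16) + attrs
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if sign:  # HMAC-MD5 over the packet while the attribute value is still zeroed
        mac = hmac.new(secret, header + req_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:2] + mac + attrs[18:]
    resp_auth = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def check_reply(packet, req_auth, secret, require_msg_auth):
    """Return (ok, reason) for a reply to the request that carried req_auth."""
    header, resp_auth, attrs = packet[:4], packet[4:20], packet[20:]
    if len(packet) < 20 or struct.unpack("!H", header[2:4])[0] != len(packet):
        return False, "bad length"
    expected = hashlib.md5(header + req_auth + attrs + secret).digest()
    if not hmac.compare_digest(resp_auth, expected):
        return False, "bad Response Authenticator"
    pos = 0
    while pos + 2 <= len(attrs):       # walk the type/length/value attributes
        atype, alen = attrs[pos], attrs[pos + 1]
        bad_len = alen < 2 or pos + alen > len(attrs)
        if bad_len or (atype == MSG_AUTH and alen != 18):
            return False, "malformed attribute"
        if atype == MSG_AUTH:
            zeroed = attrs[:pos + 2] + bytes(16) + attrs[pos + 18:]
            mac = hmac.new(secret, header + req_auth + zeroed, hashlib.md5).digest()
            ok = hmac.compare_digest(attrs[pos + 2:pos + 18], mac)
            return ok, "Message-Authenticator " + ("valid" if ok else "mismatch")
        pos += alen
    if require_msg_auth:
        return False, "Message-Authenticator missing"
    return True, "accepted on Response Authenticator only"

if __name__ == "__main__":
    for sign in (True, False):         # signed reply, then one without the attribute
        reply = build_reply(ACCESS_ACCEPT, 7, REQ_AUTH, REPLY_MSG, SECRET, sign)
        print(sign, check_reply(reply, REQ_AUTH, SECRET, require_msg_auth=True))
```

A reply without the attribute fails strict verification, which matches the No setting above. The Response Authenticator still ties the reply to the shared secret, so a mismatched secret is rejected either way.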
You can set RADIUS as the default authentication method or as the authentication method for specific users or groups.
When you set it as the default authentication method, all users authenticate via RADIUS unless their group or user authentication method overrides it. When you set it as the group authentication method, all users in the group authenticate via RADIUS unless their user authentication method overrides it. When you set it as the user authentication method, the user authenticates via RADIUS.
Default authentication method:
Sign in to the Admin Web UI.
Click Authentication > Settings.
Select RADIUS for Default Authentication System.
Group authentication method:
Sign in to the Admin Web UI.
Click User Management > Group Permissions.
Click More Settings for the appropriate group.
Select RADIUS for the Auth method.
User authentication method:
Sign in to the Admin Web UI.
Click User Management > User Permissions.
Click More Settings for the appropriate user.
Select RADIUS for the Auth method.
You can now authenticate with RADIUS using JumpCloud usernames and passwords.
Tip
You can view details about the last authentication attempt in JumpCloud by clicking on the RADIUS server. The details are displayed under Network Device Details.
If users have trouble connecting, one or more of the following may be the cause:
Misconfiguration.
User isn't a member of the group with JumpCloud RADIUS access.
Network problems.
Incorrect credentials.
One or more of the steps below may resolve the issue:
Ensure the user's password works by signing into the JumpCloud user portal.
Important
The portal uses the email address, while RADIUS expects the username.
Ensure you entered the Access Server public IP address as the IP address for the JumpCloud RADIUS server configuration.
Ensure the shared secret matches on both JumpCloud and Access Server.
Ensure users are members of the User Group granted access to RADIUS.
Ensure users are in an active state on JumpCloud.
Ensure port 1812/UDP is open.
Reach out to our support, and we can help.